IPV6 TRANSITION STRATEGIES

Alessandro Salesi Athens, Apr 13rd 2011

JUNIPER PERSPECTIVE ON IPV4 EXHAUSTION AND IPV6 DEPLOYMENT

2
Copyright 2011 Juniper Networks, Inc. www.juniper.net

IPV6 NEWS
2008Q4 - Google IPv6 launch (ipv6.google.com) 2008Q4 - Free 6rd deployment 2009-06 - Comcast announce Ipv6 Transit Wholesale service 2009-06 - Netflix available through Ipv6 2009-06 - VZ Wireless announce that any LTE phone will have to have an IPv6@ to connect their network 2010-1 - Comcast announce Ipv6 trial for end customer in april 2010-2 - Youtube is now available on IPv6 2010-7 T-Mobile USA is launching an Ipv6-only trial 2010-9 USA Federal agencies CIO announced Ipv6 services schedule 2010-11 Akamai announced their IPv6 project (rollout in 2011) 2010-12 Level3 is offering Ipv6 transit 2010-12 VZW launched their LTE network. Dual stack and full IPv6 IMS.

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

IPV4 REALITY CHECK: IANA FREE POOL HAS EXHAUSTED

IANA exhaust: 2/1/2011 RIR exhaust: soon after

2008 recession effect Pre 2008 recession Post 2008 recession

0%

After completion: Existing IPv4 addresses will not stop working. Current networks will still operate.
4
Copyright 2011 Juniper Networks, Inc. www.juniper.net

INDUSTRY IPV6 SCORE CARD

Function Network Element Core Router: T Edge Routers: MX, 6PE Servers Linux 2.6+ Datacenter equipments, CDN End-user clients Windows 7 (Many XP boxes out there) MacOS 10.x Game consoles Wii, PS3, Xbox Software Web Browser: Firefox, IE, Safari Skype On-line PC games SSL VPN Content CE
5

Status

Number 1&2 issues

Web content available over IPv6 CPEs

Copyright 2011 Juniper Networks, Inc. www.juniper.net

WEB REACHABILITY ON IPV6? COMCAST IPV6 MONITOR /1

Source: http://ipv6monitor.comcast.net

0.17%
Google had white-listed Comcast for a short period of time

Average 0.15%

0.14% Dec 2009 Oct 2010

Current measurement:
0.15% of Alexa top 1-million web sites are available via IPv6
(This number has not changed in the last 12 months) Source: http://ipv6monitor.comcast.net
6
Copyright 2011 Juniper Networks, Inc. www.juniper.net

WEB CONTENT ON IPV6? COMCAST IPV6 MONITOR /2

Source: http://ipv6monitor.comcast.net

20%

Google had white-listed Comcast for a short period of time

10%

0%

There is a direct correlation between content popularity and IPv6 presence.

Source: http://ipv6monitor.comcast.net
7
Copyright 2011 Juniper Networks, Inc. www.juniper.net

# DNS QUERY

Source : Yoshinobu Matsuzaki @ IIJ

8
Copyright 2011 Juniper Networks, Inc. www.juniper.net

IPv6/IPv4 = 0.41%

IPV6 ALONE IS NOT THE ANSWER TO IPV4 ADDRESS DEPLETION

Feb 1st 2011: IPv4 exhaustion occurred.

Today: CGN solves IPv4 exhaust.

Short Term: IPv6 to simplify IPv4 service delivery.

IPv6 networks with IPv4 overlays enable the management of a large number of customers while maintaining an IPv4 service.

Medium Term: Emergence of IPv6 content.

The decoupling of deploying IPv6 networks from the deployment of IPv6 applications & content solves the chicken and egg problem. IPv6 traffic is a cap& grow strategy around NAT scaling issues.

Long Term: IPv4 dies (very slowly) .

IPv4 & IPv6 co-exist until IPv6 become pervasive.
9
Copyright 2011 Juniper Networks, Inc. www.juniper.net

IPV6 UNDER-LAYER (L2.5): DS-LITE

Dual-stack wireless device provisioned only with IPv6

The IPv4 NAT function is moved from the CPE to a box in the service provider network: Only one level of NAT

Requires: - IPv6 access network - DS-Lite aware IPv6 CPE ISP IPv6 Network
IPv4

IPv4 & IPv6

IPv6/IPv4 tunnel

AFTR

CPE are provisioned only with IPv6

IPv6 traffic flows directly

IPv6

10

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

PROBLEM STATEMENT: GETTING CONTENT AVAILABLE OVER IPV6 QUICKLY

How to get example.com web site available over IPv6 quickly and at the lowest possible cost?
Get everything dual-stack (Network, Load-balancer, Servers) Get the network dual-stack and leave the servers IPv4
(Easier, as the engineering teams dealing with servers are often not the same as the ones dealing with the network)

Dont touch anything and let some else handle the problem

An IPv6->IPv4 translator in the cloud can do this translation for you.

11
Copyright 2011 Juniper Networks, Inc. www.juniper.net

PRODUCT TO BUILD: TRANSLATOR IN THE CLOUD TO QUICKLY DELIVER IPV6 SERVICE

IPv4 address of www.example.com IPv6 IPv6 clients www.example.com DNS AAAA 2001:
NAT 64

IPv4

Translator Cloud

12

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

IPV4/IPV6 TRANSITION MECHANISM CHOICE

IPv4/IPv6 Mechanism
20 18 16 14 A+P 6rd 12 10 8 6 4 2 0 A+P 6rd 6to4 DS-Lite NAT444 NAT64 NAT66 4rd 6to4 DS-Lite NAT444 NAT64 NAT66 4rd

13

No. of Customers

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

OBSERVATIONS ABOUT TRANSITION TECHNIQUES

All transition techniques (NAT444+6RD, NAT64, DS-Lite) revolve around the notion of sharing IPv4 addresses via some form of NAT.

They all require the exact same amount of IPv4 addresses to be shared in a NAT pool.
The difference is how packets are transported to the NAT

Sharing addresses among customers introduces issues:

LEA/Abuse/Logging/Geo-location/Access control

14

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

CONCLUSION Now is the time to get serious about IPv6. In doing so, it is critical to preserve IPv4 service. Key hot topics are: Replacing every CPE to enable IPv6 Making the operation of IPv4 NAT technologies scale Getting content on IPv6

15

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

UPCOMING KEY TECHONOLOGIES

16
Copyright 2011 Juniper Networks, Inc. www.juniper.net

UPCOMING TECHNOLOGY: PCP (NEW DEVELOPMENT)

PCP: Port Control Protocol PCP objectives are to enable applications to receive incoming connections in the presence of an ISP NAT/Firewall. Instead of working around NATs like other NAT traversal techniques like STUN/TURN/ICE, PCP enables an explicit dialog between applications and the NAT. PCP can be seen as a carrier-grade evolution of UPnP-IGD and NAT-PMP. The work on PCP is done at IETF in a new working group cochaired by Alain Durand (Juniper) & Dave Thaler (Microsoft).

17

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

PCP IN A NUTSHELL
Applications negotiate ports with the ISP NAT to establish external presence. Application asks: Id like to get port 5000 for 48 hours, NAT PCP server responds: I give you port 6003 for 12 hours.

No more keep-alive!
Better radio efficiency Better battery life

ISP network
IPv4 NAT

18

Copyright 2011 Juniper Networks, Inc.

www.juniper.net

JUNIPER SOLUTIONS
19
Copyright 2011 Juniper Networks, Inc. www.juniper.net

IP FAMILY TRANSITION SERVICES ON MS-PIC/MS-DPC

IPv6 Features
IPv6 NAT and IPv6 Stateful Firewall NAT-PT Supported (ICMP ALG) NAT-PT DNS ALG (10.4) Stateful NAT66 supported NAT64 (10.4)

8 MS-DPC supported by Single MX Chassis (1H2011)

NAT44
Support CGN requirement (draft-ietf-behave-lsn-requirements-00)

IPv6 Softwire
DS-Lite (10.4) 6rd/6to4 (11.1-Now)
20
Copyright 2011 Juniper Networks, Inc. www.juniper.net